Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Student' = '%PROGRAM_FILES%\student.exe'
- '%PROGRAM_FILES%\student.exe'
- '<SYSTEM32>\reg.exe' add hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Student /v test /t REG_SZ /d %PROGRAM_FILES%\student.exe /f
- '<SYSTEM32>\WScript.exe' "%TEMP%\3582.vbs"
- %TEMP%\358211.bat
- %TEMP%\3582.vbs
- %PROGRAM_FILES%\student.exe
- '12#.#34.6.34':2012
- '25#.#55.255.255':2012
- DNS ASK dn#.##ftncsi.com
- DNS ASK us##.#zone.qq.com
- ClassName: 'Shell_TrayWnd' WindowName: ''